* Heikki Linnakangas (hlinn...@iki.fi) wrote:
> I'm not sure how expensive a brute force attack on SRP would be,
> using a stolen backup tape. There doesn't seem to be an iterations
> count similar to SCRAM. But note that SRP's resistance to
> brute-forcing the authentication handshake is of a different kind.
> It's not just expensive, but outright impossible. (Don't ask me how
> that works; I'm not well-versed in the maths involved.) That's a big
> advantage because it means that it's OK to use a fairly weak
> password like 'foobar123' that would be trivially cracked with a
> dictionary attack.

If it's actually impossible then that's certainly interesting..  I don't
get how that's possible, but ok.

> (You can still connect to the server and try
> different passwords, but the server can log that and throttle how
> many guesses / minute it lets you do)

Wouldn't that be nice...  Wish we did it. :(

        Thanks,

                Stephen
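The two mechanisms discussed above, the SCRAM iteration count that prices each offline guess against a stolen verifier, and the server-side logging and throttling of online guesses, as an added example that is not part of this thread and not PostgreSQL's own code. The verifier derivation follows RFC 5802 / RFC 7677 (SCRAM-SHA-256); the `GuessThrottle` class, `attempt_login` helper, the salt and the user names are constructed for illustration. A real SCRAM server never sees the cleartext password; it checks the client's proof against `StoredKey`, so `password_matches` here stands in for the per-guess cost, not the wire protocol.

```python
import collections
import hashlib
import hmac
import time


def scram_sha256_verifier(password: str, salt: bytes, iterations: int) -> dict:
    """Derive what a SCRAM-SHA-256 server stores for a user (RFC 5802 / RFC 7677).

    The server keeps salt, iteration count, StoredKey and ServerKey; the
    password itself is never stored. Each guess against a stolen verifier
    has to repeat the PBKDF2 work, which is what the iteration count prices.
    """
    salted = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    stored_key = hashlib.sha256(client_key).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations,
            "stored_key": stored_key, "server_key": server_key}


def password_matches(candidate: str, verifier: dict) -> bool:
    """Check one candidate password against a stored verifier.

    Stand-in for the per-guess cost: deriving StoredKey costs `iterations`
    rounds of HMAC-SHA-256, whether the guess is made offline from a backup
    or online against the server.
    """
    derived = scram_sha256_verifier(candidate, verifier["salt"], verifier["iterations"])
    return hmac.compare_digest(derived["stored_key"], verifier["stored_key"])


def seconds_per_guess(iterations: int, samples: int = 3) -> float:
    """Measure the PBKDF2 cost of a single guess at a given iteration count,
    which is the number a DBA tunes when choosing an iteration count."""
    salt = b"\x00" * 16  # constructed; only the iteration count matters here
    start = time.perf_counter()
    for _ in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"foobar123", salt, iterations)
    return (time.perf_counter() - start) / samples


class GuessThrottle:
    """Sliding-window limiter for online guesses (constructed; not a
    PostgreSQL feature). Failed attempts per user are logged and, once the
    limit within the window is reached, further attempts are refused."""

    def __init__(self, max_failures: int, window_seconds: float):
        self.max_failures = max_failures
        self.window = window_seconds
        self.failures = collections.defaultdict(collections.deque)
        self.log = []  # audit trail a defender would ship to SIEM

    def allowed(self, user: str, now: float) -> bool:
        recent = self.failures[user]
        while recent and now - recent[0] >= self.window:
            recent.popleft()  # drop failures that fell out of the window
        return len(recent) < self.max_failures

    def record_failure(self, user: str, now: float) -> None:
        self.failures[user].append(now)
        self.log.append(f"auth failed user={user} t={now:.0f} "
                        f"failures_in_window={len(self.failures[user])}")


def attempt_login(throttle: GuessThrottle, verifiers: dict,
                  user: str, candidate: str, now: float) -> str:
    """Server-side decision for one login attempt: 'throttled', 'ok' or 'failed'."""
    if not throttle.allowed(user, now):
        throttle.log.append(f"auth throttled user={user} t={now:.0f}")
        return "throttled"
    if user in verifiers and password_matches(candidate, verifiers[user]):
        return "ok"
    throttle.record_failure(user, now)
    return "failed"


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed sample value
    verifier = scram_sha256_verifier("foobar123", salt, 4096)
    print(f"one guess at 4096 iterations: {seconds_per_guess(4096) * 1000:.2f} ms")
    throttle = GuessThrottle(max_failures=3, window_seconds=60)
    for t, guess in enumerate(["wrong1", "wrong2", "wrong3", "foobar123"]):
        print(t, attempt_login(throttle, {"alice": verifier}, "alice", guess, t))
    print("\n".join(throttle.log))
```

The throttle is keyed per user and uses a fixed window; a deployment would also want a per-source-address key and a backoff rather than a hard refusal, but the shape of the decision, log first, then refuse, is what the quoted message describes.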
